Active security device including an electronic memory

ABSTRACT

The present invention concerns a security device containing secret information, of the type comprising a memory area of an integrated circuit receiving said information and protection means covering and fastened at least to the memory area. The protection means comprise at least a second integrated circuit. The device further includes interactive connecting means between the two integrated circuits and means for destroying the secret information if the connection is interrupted or disrupted.

The present invention concerns a security device including an electronicmemory and designed to protect secret information contained in thememory.

BACKGROUND OF THE INVENTION

Such devices are included in portable payment terminals, for example,within an electronic security application module (SAM). These modulesare very important because they contain secret information (example:bank keys), the discovery of which would allow access to an entiresystem.

The information is necessarily in an electronic layer of an integratedcircuit. A passivation layer generally covers the electronic layer.

In some cases, this layer may not be a sufficient obstacle to access tothe secret information, if sophisticated reading means are employed toread the information through the passivation layer. These reading meanscan utilize particle beam-type scanning techniques, for example.

Existing techniques intended to protect such information include the useof conventional intrusion sensors to protect an enclosure containing theelectronic memory containing the information.

Also known in themselves are means protecting the integrated circuitdirectly against reading with the aid of sophisticated equipment. Saidmeans are of two types: the first consists in masking the pattern of thesemiconductor, for example by a metalization, a grid of dummy circuitsor a diamond carbon layer; the second consists in memorizing theinformation in a RAM type memory and possibly combining it with randomnumbers that are changed continuously. The information is accessibleonly through an operating system that controls access to it. Theprinciples used are identical to those of microprocessor cards. Withthis second type of means, the secrets contained in a RAM are alwayslost if the power supply to the component is interrupted. In this case,access to the information is not totally impossible providing thefollowing are known:

how to eliminate the resin from the casing of the component when live,without creating a short-circuit that would lead to loss of theinformation,

the exact schematic of the component,

the memory "scrambling" table,

the address of the secrets in the memory plane, and

the correct manner of writing and reading the address bus and the databus in real time.

The various prior art techniques mentioned hereinabove have thedisadvantage of being ineffective if highly sophisticated means areemployed or of being costly, in particular when diamond carbon masks areused.

OBJECTS AND SUMMARY OF THE INVENTION

An aim of the present invention is to provide an electronic securitydevice that is more effective and the implementation of which iscompatible with standardized fabrication processes.

To this end, the present invention consists in a security devicecontaining secret information and designed to prevent access to saidinformation by external exploration means, of the type including anintegrated circuit having a memory area receiving said information andprotection means covering and fastened at least to said memory area toform an obstacle to exploration, wherein said protection means compriseat least a second integrated circuit and wherein they further compriseinteractive connection means between the two integrated circuits andmeans for destroying the secret information if their connection isinterrupted or disrupted.

According to a feature of the invention, the device includesauthentication means for authenticating at least the second integratedcircuit.

In a first embodiment of the invention, the integrated circuits aredisposed one behind the other and include external electricalconnections connecting them to each other.

In a second embodiment of the invention the integrated circuits aredisposed face-to-face and include internal electrical connectionsconnecting them to each other.

BRIEF DESCRIPTION OF THE DRAWINGS

Other features and advantages of the present invention emerge from thefollowing description of an embodiment of the invention given withreference to the accompanying drawings, in which:

FIG. 1 shows in section the structure of a first embodiment of theinvention,

FIG. 2 shows in section the structure of a second embodiment of theinvention, and

FIG. 3 shows the invention with particular interactive connection modes.

FIG. 4 shows in section the structure of a third embodiment of theinvention.

FIG. 5 shows in section an alternative of the structure of theinvention.

MORE DETAILED DESCRIPTION

Referring to FIG. 1, the security device comprises two electroniccircuits disposed one above the other, a first circuit or "master"circuit 1 to be protected under a protecting second circuit or "slave"circuit 2. In this instance these circuits are two integrated circuits1, 2 fastened together and connected together by connecting means. Theconnecting means must allow interaction between the master and slavecircuits: exchange or circulation of flux or of signals of any kind(magnetic, electrical, optical, capacitive . . . ). They may consist ina simple electrical contact. The interaction is preferably dependent onthe distance between the integrated circuits so that the smallestrelative displacement of the two circuits interrupts it or disrupts it.

Instead of or in addition to the preferred connecting means, theconnecting means of the invention also cover communication between thetwo circuits, which are then considered as transmitters and/orreceivers.

Each integrated circuit comprises a substrate 3, 3', an electronic layer4, 4' on the substrate and a passivation layer 5, 5' covering theelectronic layer. The substrate is a semiconductor, usually silicon orgallium arsenide. This layer is between 100 μm and 300 μm thick. Theelectronic layer contains functions and a memory area 6, 6' to containthe secret information. This layer is about 10 μm thick. The passivationlayer on top of the electronic layer is a layer of an inert materialsuch as silicon nitride, for example. This layer is a few tens ofmicrometers thick.

The structure of the second integrated circuit is generally equivalentto that of the first circuit, apart from its dimensions; the electroniclayer may include a memory area that can also contain some of the secretinformation. The second integrated circuit is disposed on top of thefirst so that it covers at least the memory area containing the secretinformation. It can also mask sensitive circuits such as the processor,the bus and the memories and any circuit element from which informationon the secrets could be derived.

The two integrated circuits are fastened together, for example by alayer 7 of cyanoacrylate glue between the passivation layer of the firstintegrated circuit and the substrate of the second integrated circuit.The glue may be chosen so that any attempt to separate the twointegrated circuits tears off either the passivation layer or thesubstrate.

A plurality of gluing areas may also be used, each with a glue of adifferent kind, or a combination of glues, or any other fasteningtechnique.

The first integrated circuit is larger than the second to allow accessto its power supply and connections. Connection means connect the twointegrated circuits externally; to this end, connections 8 open onto therespective free surfaces 10, 10' of each integrated circuit. Theseconnections are connected by gold or aluminium wires 9 which extend outof the integrated circuits. The electronic system is powered up at alltimes by an external back-up battery (not shown). The master componenthas connections 15 for connection to the environment, for example to thecomponents of the SAM. In the conventional way, the wires may beembedded in a coating material such as resin.

The memory of the first integrated circuit and even that of the secondmay be of the RAM type.

According to an improved aspect of the invention, the security devicemay further comprise authentication means for authenticating at leastthe second electronic circuit. Authentication can be carried out at anytime, periodically or at random. The period must be less than the timeneeded to substitute a simulation circuit for the second circuit. Thesemeans are preferably incorporated into both the integrated circuits.They cooperate to assure at least the authentication of the secondintegrated circuit. In this way authentication can be either unilateralor mutual. The authentication procedure involving the two integratedcircuits may be based on a conventional process of exchangingcryptographic or electronic signals.

In accordance with a further improved aspect of device, theauthentication means can use a procedure employing a dynamic sessionsecret key that it is known in itself. The means to be employed aredescribed in the American standard ANSI 9.24.

The security device includes means for destroying secret information inthe absence of authentication and in the event of disconnection ordestruction of one of the electronic circuits. These means are at leastpart of the first integrated circuit and are known in themselves, forexample they are means for reinitializing the memory.

FIG. 2 shows a different form of the security device of the invention.It is also made up of two integrated circuits, the structure of each ofwhich is globally identical to that of the integrated circuits of theprevious embodiment. The same reference numbers are therefore used todesignate the same items. The essential difference is that the twointegrated circuits are disposed face-to-face.

With this arrangement, the passivation layers of the two integratedcircuits are mechanically fastened together. They are fastened togetherso that their connections are aligned with each other. The twointegrated circuits can be fastened together by a layer of cyanoacrylateglue, as previously.

The electrical contact between the two circuits may be made by means ofa conductive glue, for example a silver-based glue. In one embodiment ofthe connections, the latter are effected by means of a bondingtechnique, in the conventional way using indium balls 9', for example.

The same conductive glue can be used not only to make the contact butalso to fasten the two integrated circuits together. In this way, usingsolvent to dissolve the glue in order to separate the components alsobreaks the electrical connection.

The slave component may advantageously be energized first, externally,after which the electrical power supply passes through the internalelectrical connections between the components to energize the mastercomponent, or vice versa.

Accordingly, if the circuits are separated, the power supply to themaster component is interrupted and the information is lost if it is inRAM (volatile memory with no back-up power supply).

This arrangement is particularly beneficial in that the connectionsbetween the two integrated circuits are internal, which represents afurther barrier to violation of the security device.

The secret information can be divided between the master and slavecomponents. The components can be of the same importance and serve asmaster and slave turn and turn about.

The protection principle can be applied to a number of integratedcircuits greater than two. The integrated circuits can be stacked one ontop of the other.

The master component can also have n surfaces to be protected, eachsurface being covered by a slave component.

The same electronic layer can include a plurality of master electroniccircuits each containing part of the secret information and eachprotected by a slave component.

The device can be constructed from two integrated circuits using thestandard "multi-chip-module" (MCM) fabrication technique. This devicetherefore has the advantage of being economical.

In FIG. 3 the two components are disposed face-to-face, as in FIG. 2.The same reference numbers are used for the same items. The fasteningmeans are separate from the electrical connection means, however.

The connection means each comprise an electromagnetic coil etched on thesemiconductor of each component. These coils are disposed face-to-faceand coupled electromagnetically, preferably closely coupled. Thisassures magnetic interaction between the two components.

This interaction can advantageously be used to convey communicationinformation between the two components, for example for the purpose ofauthentication by the procedure previously described. It also enablesone component to be supplied with power through the other.

Communication for transmission of data and power supply are preferablyeffected at the same time via the same coils. The means to be employed,known in themselves, are described in the ISO standard (IEC 10536 part3). They use two out-of-phase signals to energize the coils. Very closeelectromagnetic coupling tolerates virtually no displacement of onecomponent relative to the other. The slightest displacement disrupts orinterrupts the interaction between the sending and receiving coils.Similarly, any attempt to insert a signal rerouting member between theconnections causes detectable disruption or interruption of theinteraction.

Interruption of the power supply to a component containing informationin a RAM leads to loss of the information and disruption can lead tototal or partial modification of the communication signal and corruptthe integrity of a message between the two components.

One way to detect corruption of the integrity of a message is to useconventional error correcting or error detecting codes such as theHamming code or CRC 16 code (polynomial code).

If an error is detected, the destruction means are activated toeliminate the secret information. If a RAM is used, the destructionmeans may consist in means of interrupting the power supply to thecomponent, for example a transistor connected in series with the memorypower supply bus.

The components may include other connecting means in place of theelectromagnetic coils. The circuit elements 13, 13', 14, 14' may becapacitors or optical diodes for capacitive interaction oropto-electronic interaction, respectively.

In the case of opto-electronic coupling, a transparent window isprovided between the components 13, 13' and 14, 14', either by virtue ofthe absence of material or by employing a transparent material (notshown).

The means for exploiting and processing such signals are conventional.The authentication means and the information destruction means can beidentical to the means described with reference to FIGS. 1 and 2.

The first integrated circuit can also be supplied with power bycapacitive coupling.

Two different types of connection may be used for the power supply andfor data transmission, for example electromagnetic coupling for one andcapacitive coupling for the other.

The security device from FIG. 1 operates as described hereinafter.

The device being powered up, for example from an external back-upbattery, periodic communication is established between the twocomponents, for example to carry out a mutual authentication procedureas defined by ISO/IEC standard 9594-8, for example. If one of the twocomponents interrupts the communication and/or is not authenticatedcorrectly, the secret information is erased in the component that failsto authenticate the other component. If necessary, to prevent anysimulation of components in question, the secret authentication key is adynamic session key created with the active security module isinitialized.

To reach the secrets contained in the first integrated circuit it isfirst necessary to remove the integrated circuit disposed on top of it,without the latter being destroyed or modified. Given the manner inwhich the two integrated circuits are fastened together, for example bymeans of a cyanoacrylate glue, it is virtually impossible or extremelyperilous to attempt to separate the second circuit without destroyingit.

Assuming that means were available for separating the second integratedcircuit from the first circuit without destroying it or deactivating it,the second embodiment of the security device could then be used (FIG. 2or FIG. 3).

The device from FIGS. 1 and 2 operates in the manner describedhereinafter.

If the electrical connections are assured internally by simple contact,gluing or soldering using indium balls, it is then impossible touncouple the two integrated circuits without breaking the contact.

If the connections are effected electromagnetically, capacitively,optically, mere movement of one component relative to the other disturbsthe interaction and this is treated as a broken connection.

If the connections supply power to the integrated circuits, breakingthem leads to the erasing of the information contained in a volatileRAM.

Uncoupling is more difficult if the connections are near the middle ofthe security device, that is to say near the middle of the respectivecontact surfaces of the master and slave components.

The authentication means of the second embodiment of the security deviceoperate in exactly the same way as those of the first embodiment.

If electrical connections are used for communication in the context ofan authentication procedure, breaking them results in no authenticationin the period allowed and the means for destroying the information areactivated, for example to set all memory locations to the same level.

In the preferred case where a RAM is used to contain the secretinformation, the destruction means are means for cutting off the powersupply to the component.

In this second embodiment, displacement of one circuit relative to theother always leads to the loss of the secret information.

In FIG. 4, the two components are disposed face-to-face, as in FIGS. 2and 3. The same reference numbers are used for the same items.

However, in this embodiment, the fastening means are different. It canbe seen that the electrical connection is performed by an anisotropicconductive film 9" formed by microballs 90", polymeric balls of 10 to 20μm coated with gold for example, isolated from each other in an adhesivefoil 91", electrically isolating and made of epoxy resin orthermoplastic resin. When pressure is applied on this assembly,microballs present in the area between connection points 8, 8' come intocontact with said connection points and constitute a conducting pathbetween the two circuits. On the contrary, no contact is performedbetween microballs 90" in a perpendicular direction. The adhesive foil91" remains fully isolating preventing any electrical current. Such ananisotropic conducting film is available from company CDS under the nameAlpha Bond.

In FIG. 5 is shown an alternative embodiment of the structure of thesecurity device in accordance with the invention.

In this alternative embodiment, the memory area containing the secretinformation has a lateral shoulder 41. It can be understood that in thatway any attempt to reach the memory area by lateral exploring of thedevice is not possible since, because of the presence of shoulder 41, itwould result in an important disturbance of the first integrated circuitfunctioning preventing any mutual authentication with the secondintegrated circuit, which would lead to the destruction of the secretinformation.

Practically, passivation layer 5 of the first integrated circuitdeposited on memory area 4 also has a shoulder, so that said firstcircuit shows in section a hollow profile. Thus, the second integratedcircuit is such made that passivation layer 5' shows in section aprojecting profile, conjugated with the hollow profile of the firstcircuit.

It is therefore possible to merely fit face-to-face two circuits intoone another.

Advantageously, the interval between the two passivation layers 5, 5' isfilled with teflon.

I claim:
 1. A security device containing secret information and designedto prevent access to the secret information with external explorationmeans, comprising:a first integrated circuit having a memory area forstoring the secret information; protection means covering at least saidmemory area and fastened to said first integrated circuit to form anobstacle to exploration by the external exploration means, wherein saidprotection means comprise a second integrated circuit; interactiveconnection means to provide interaction between said first and secondintegrated circuits; and means for destroying the secret information ifrelative movement between said first and second integrated circuits issuch that said interaction is interrupted or disrupted.
 2. A securitydevice according to claim 1, wherein said interactive connection meansincludes authentication means for authenticating at least the secondintegrated circuit.
 3. A security device according to claim 2, whereinthe authentication means employ a procedure using a dynamic sessionsecret key.
 4. A security device according to claim 1, wherein the firstand second integrated circuits are disposed one behind the other andinclude external electrical connections connecting them to each other.5. A security device according to claim 1, wherein the first and secondintegrated circuits are disposed face-to-face and include internalelectrical connections connecting them to each other.
 6. A securitydevice according to claim 5, wherein a power supply to the first orsecond integrated circuit is effected through internal electricalconnections.
 7. A security device according to claim 5, wherein at leastthe memory area of the first integrated circuit has a lateral shoulder.8. A security device according to claim 7, wherein said first and secondintegrated circuits have conjugated profiles so as to be fitted into oneanother.
 9. A security device according to claim 5, wherein the firstand second integrated circuits have their electrical connectionsdisposed face-to-face.
 10. A security device according to claim 9,wherein the first and second integrated circuits are connected bysoldering.
 11. A security device according to claim 9, wherein theelectrical connections are effected by means of a conductive glue.
 12. Asecurity device according to claim 11, wherein the first and secondintegrated circuits are fixed together by a layer of conductive glue.13. A security device according to claim 9, wherein the first and secondintegrated circuits are connected by an anisotropic conductive film. 14.A security device according to claim 13, wherein connections whichsupply power to the first integrated circuit also transmit data.
 15. Asecurity device according to claim 1, wherein the first and secondintegrated circuits are disposed face-to-face and includeelectromagnetic or capacitive internal connections.
 16. A securitydevice according to claim 15, wherein the connections of the first andsecond integrated circuits are in a central area of their respectivecontact face.
 17. A security device according to claim 1, wherein thefirst and second integrated circuits are fixed together by a layer ofglue.
 18. A security device according to claim 1, wherein the secondintegrated circuit also includes a memory area and wherein theinteractive connection means include mutual authentication means.
 19. Asecurity device according to claim 1, wherein at least one of the firstand second integrated circuits includes a RAM containing secretinformation.
 20. A security device according to claim 1, wherein each ofthe first and second integrated circuits covers circuit elements of theother integrated circuit from which the secret information can bederived.
 21. A security device according to claim 1, wherein saidprotection means is fastened at least to said memory area.
 22. Asecurity device containing secret information and designed to preventaccess to the secret information with external exploration means,comprising:a first integrated circuit having a memory area for storingthe secret information; protection means covering at least said memoryarea and fastened to said first integrated circuit to form an obstacleto exploration by the external exploration means, wherein saidprotection means comprises a second integrated circuit; authenticationmeans for authenticating at least said second integrated circuit viainteractive connection means between said first and second integratedcircuits; and means for destroying the secret information of saidinteractive connection means is interrupted or disrupted to therebyrender the authentication of said second integrated circuit incorrect.23. A security device according to claim 22, wherein the authenticationmeans employ a procedure using a dynamic session secret key.
 24. Asecurity device according to claim 23, wherein the second integratedcircuit also includes a memory area, and wherein said authenticationmeans include means for mutual authentication between the first andsecond integrated circuits.
 25. A security device according to claim 22,wherein said protection means is fastened at least to said memory area.